In this work, we argue that the use of computationally intensive mathematical operations in password authentication protocols can introduce a security vulnerability into the protocol. We formulate a generalized cryptanalysis algorithm for performing a clogging attack (a form of denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. We then apply this technique to cryptanalyze four recent password authentication protocols, and observe all four of them to be prone to the clogging attack. The first one, by Yang et al., is a password-based authentication scheme to preserve identity privacy. This protocol does not use timestamps. The second protocol we consider for analysis is by Islam. This is a smart card-based remote user password authentication protocol that uses timestamps. The third protocol, by Jiang et al., is a password-based authentication protocol that does not use smart cards. Finally, the last protocol we consider for analysis is by Wang et al. This is a recent smart card-based authentication protocol claimed to be immune to the DoS attack. The protocols differ either in their usage of factors (smart cards, memory drives, etc.) or in their way of communicating (usage of encryption, nonces, timestamps, etc.). But their similarity lies in their usage of the computationally intensive modular exponentiation as a medium of authentication. We conclude that the strengths of all the protocols, e.g., Yang et al. (usage of nonce and encryption), or, e.g., Islam (usage of timestamps), can be combined to prevent the clogging attack on the protocols.
A preliminary version of this paper received the Best Paper award at ICACNI 2014. We use the terms scheme and protocol interchangeably in this work. (Swapnoneel Roy)
In this chapter, we study the energy consumption of various modern cryptographic protocols for the cloud from the algorithmic perspective. The two categories of protocols we consider are (1) hash functions and (2) symmetric key encryption protocols. We identify various parameters that moderate the energy consumption of these hashes and protocols. Our work is directed towards redesigning or modifying these algorithms to make them consume less energy. As a first step, we try to determine the applicability of the asymptotic energy complexity model by Roy to these hashes and protocols. Specifically, we try to observe whether parallelizing the access of blocks of data in these algorithms reduces their energy consumption based on the energy model. Our results confirm the applicability of the energy model to these hashes and protocols. Our work is motivated by the importance of cryptographic hashes and symmetric key protocols for the cloud. Hence the design of more energy-efficient hashes and protocols will contribute to reducing the cloud energy consumption that is continuously increasing.
Abstract. In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one, by Jiang et al., is a password-based authentication scheme which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme, shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang et al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack. The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation, are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et al.